Smart card reader mac os

Virtual Smart Card¶

Smart card emulator written in Python

Linux (Debian, Ubuntu, OpenMoko)

Virtual Smart Card emulates a smart card and makes it accessible through PC/SC. Currently the Virtual Smart Card supports the following types of smart cards:

Generic ISO-7816 smart card including secure messaging

German electronic identity card (nPA) with complete support for EAC (PACE , TA , CA )

Electronic passport (ePass/MRTD) with support for BAC

Cryptoflex smart card (incomplete)

Although the Virtual Smart Card is a software emulator, you can use PC/SC Relay to make it accessible to an external contact-less smart card reader.

The file utils.py was taken from Henryk Plötz’s cyberflex-shell 1.

Virtual Smart Card used with PCSC-Lite or WinSCard

New in version 0.7: The Virtual Smart Card optionally brings its own standalone implementation of PC/SC. This allows accessing vpicc without PCSC-Lite. Our PC/SC implementation acts as replacement for libpcsclite which can lead to problems when used in parallel with PCSC-Lite.

Virtual Smart Card used with its own PC/SC implementation

On Android, where a traditional PC/SC framework is not available, you can use our framework to make your real contact-less smart accessible through PKCS#11. For example, an email signing application can use the PKCS#11 interface of OpenSC, which is linked against our PC/SC implementation. Then an Android App (e.g. Remote Smart Card Reader ) can connect as vpicc delegating all requests and responses via NFC to a contact-less smart card that signs the mail.

pyscard 4 (relaying a local smart card with –type=relay )

PyCrypto 5, PBKDF2 6, PIL 9, readline 7 or PyReadline 8 (emulation of electronic passport with –type=ePass )

OpenPACE 10 (emulation of German identity card with –type=nPA )

libqrencode 11 (to print a QR code on the command line for vpcd-config ; an URL will be printed if libqrencode is not available)

Download¶

You can find the latest release of Virtual Smart Card on Github. Older releases are still available on Sourceforge.

Alternatively, you can clone our git repository:

Installation¶

Installation on Linux, Unix and similar¶

The Virtual Smart Card uses the GNU Build System to compile and install. If you are unfamiliar with it, please have a look at INSTALL . If you can not find it, you are probably working bleeding edge in the repository. To generate the missing standard auxiliary files you need to additionally install libtool and pkg-config and run the following command in virtualsmartcard :

To configure ( configure —help lists possible options), build and install the Virtual Smart Card now do the following:

Building and installing vpcd on Mac OS X¶

Mac OS X 10.9 and earlier is using PCSC-Lite as smart card service which allows using the standard routine for installation on Unix .

Mac OS X 10.10 (and later) ships with a proprietary implementation of the PC/SC layer instead of with PCSC-Lite. As far as we know, this means that smart card readers must be USB devices instead of directly allowing a more generic type of reader. To make vpcd work we simply configure it to pretend being a USB smart card reader with an Info.plist :

Building and installing vpcd on Windows¶

For the Windows integration we extended Fabio Ottavi’s UMDF Driver for a Virtual Smart Card Reader 12 with a vpcd interface. To build vpcd for Windows we use Windows Driver Kit 10 and Visual Studio 2015 13. The vpcd installer requires the WiX Toolset 3.10 14. If you choose to download the Windows binaries 15, you may directly jump to step 4.

Clone the git repository and make sure it is initialized with all submodules:

If you can successfully Build the solution , you can find the installer ( BixVReaderInstaller.msi ) in virtualsmartcard\win32\BixVReaderInstaller\bin\*Release

All of Fabio’s card connectors are still available, but inactive by default (see Configuring vpcd on Windows below).

Using the Virtual Smart Card¶

Configuring vpcd on Unix¶

Configuring vpcd on Mac OS X¶

Mac OS X 10.9 and earlier is using PCSC-Lite as smart card service which allows using the standard routine for configuration on Unix .

On Mac OS X 10.10 you should have configured the generation of Info.plist at compile time. Now do the following for registering vpcd as USB device:

Choose an USB device (e.g. mass storage, phone, mouse, …), which will be used to start vpcd . Plug it into the computer.

Run the following command to get the device’s product and vendor ID:

Change /usr/local/libexec/SmartCardServices/drivers/ifd-vpcd.bundle/Info.plist to match your product and vendor ID:

Note that ifdFriendlyName can be used in the same way as DEVICENAME described above .

Источник

Using a smart card in macOS

The default method of smart card usage in macOS occurs automatically when a user inserts their card into a card reader attached to the computer. It prompts the user to “pair” the card with their account. This method is called “Local Account Pairing.” If a user doesn’t pair their card when prompted, the user can still use the card to access websites but is unable to log in to their user account with the smart card. Smart cards can also be used with a directory service. To use the smart card for login, it must be either paired or configured to work with a directory service.

Local account pairing

The steps below describe the local account pairing process:

Insert a PIV smart card or hard token that includes authentication and encryption identities

Select “Pair” at the notification dialog

Provide administrator account credentials (user name/password)

Provide the 4–6 digit Personal Identification Number (PIN) for the inserted smart card

Log out and use the smart card and PIN to log back in

Local account pairing can also be accomplished with the command-line and an existing account. See Advanced smart card options for details regarding this method of pairing.

Attribute mapping with Active Directory

Smart cards can be authenticated against Active Directory using attribute mapping. This method involves having an Active Directory-bound system and setting appropriate information in the file /private/etc/SmartcardLogin.plist. This file must have world readable permissions in order to function properly.

Before the user can take advantage of this feature, macOS must be configured with the appropriate attribute mapping and the local pairing user interface must be disabled. To disable the local pairing dialog, open the Terminal app, then type sudo defaults write /Library/Preferences/com.apple.security.smartcard UserPairing -bool NO and enter your local administrator password when prompted.

As soon as macOS is configured, a user simply inserts a smart card or token to create a new user account. They are prompted to enter their pin and create a unique keychain password that is wrapped by the encryption key in the smart card. Accounts can be configured for network user accounts or mobile user accounts.

Note: The presence of the /private/etc/SmartcardLogin.plist file takes precedence over paired local accounts.

Network user account with attribute mapping example

The following is an example SmartcardLogin.plist where mapping correlates the NT Principal Name on the PIV Authentication certificate to the userPrincipalName attribute in Active Directory:

Mobile user account with attribute mapping example

When binding to Active Directory, selecting the “Create mobile account at login” preference allows the creation of mobile accounts for offline login. This mobile user feature is supported with the Kerberos attribute mapping, and it should be configured in the Smartcardlogin.plist. This configuration is also useful in environments where a Mac may not always be able to reach directory server.

Note: Initial account setup requires machine binding and access to the directory server.

The following example SmartcardLogin.plist file matches the Subject Alternative Name type, NT Principal Name, in the identity on the smart card against the Directory Server’s altSecurityIdentities field (Kerberos), allowing for offline login and authentication:

Enabling screen saver on token removal

The screen saver can be configured to start automatically when a user removes their token. This option appears only once a smart card has been paired.

There are two main ways to accomplish this:

Using the Security and Privacy preference pane on the Mac, using the Advanced button and selecting “Turn on screen saver when login token is removed.” Make sure the screensaver settings are configured and select “Require a password immediately after sleep or screen saver begins.”

With a mobile device management (MDM) solution by using the tokenRemovalAction key.

Источник

Ludovic Rousseau’s blog

My activities related to smart card and Free Software (as in free speech).

Thursday, March 20, 2014

Level 1 smart card support on Mac OS X

It may not be easy to check if a smart card stack works or not. I will explain what you can do as a first step to check your smart card stack on Mac OS X.

pcsctest

Apple provides a command line tool pcsctest . It is an evolution of testpcsc provided by the «official» pcsc-lite.

The good news is that this command line tool is installed by default. So every Mac OS X install should have it out of the box.

Command line tool

To run a command line tool you need to start the Terminal application from the /Applications/Utilities/ directory.

Terminal icon

You will then get a Terminal window with a prompt

Normal execution

In green the commands entered by the user.
In yellow the important information.

If your reader is connected and a smart card is inserted you should get something like:

You should note:

• the reader name Gemplus GemPC Twin 00 00
• the card ATR 3B 65 00 00 20 63 CB A6 A0

In this case the reader is correctly found and the communication with the card is working.

You can then use the online Smart card ATR parsing tool to check the ATR corresponds to the card you inserted. In the present case it is a French banking card.

No reader connected

On Mac OS X the PC/SC service (in fact the pcscd daemon) is started by the securityd process at boot and when a USB smart card reader is connected.
So if no reader is connected you get the error: «Service not available» because pcscd is not yet running.

No smart card inserted

The program is then waiting for a card insertion.

If you have a card inserted and you do not get the ATR or an error then you have a problem.

If you insert a card and get the error «Card is unpowered» then you may have inserted the card the wrong way (or your card is dead).

System information

If your reader is connected but you can’t see it with pcsctest then maybe the USB device is not seen by Mac OS X.

You can use the System Information application from the /Applications/Utilities/ directory.

System Information icon

In the application you select the USB subsection in the Hardware section and can see all the USB devices known by the system.

If you can’t see your USB smart card reader then you have a USB issue, not a PC/SC issue.

Command line

You can also use the equivalent command in the Terminal:

Conclusion

These first steps are easy to execute on Mac OS X. If the pcsctest test succeeds then you can be confident that the smart card reader and the PC/SC layer are working correctly.

If the pcsctest test fails then you need to go to a level 2 smart card support on Mac OS X.

Источник

About the SD and SDXC card slot on your Mac

Some Mac computers feature an SD (Secure Digital) or SDXC (Secure Digital Extended Capacity) card slot that lets your Mac read and write data to SD media, such as digital camera memory cards.

What is SD?

SD describes devices that conform to SD standards for non-volatile memory cards. See the SD Association website for details.

Are there size limitations for the cards that can be inserted into the SD slot?

Yes. The SD card specification for a memory card is 32mm by 24mm by 2.1mm. You can also use thinner cards, such as MultiMediaCards (MMC). Avoid using cards that have a thickness greater than 2.1mm, as they might damage the SD card slot if you try to insert them.

Which SD card formats work in the SD card slot?

Cards that conform to the SD 1.x, 2.x, and 3.x standards should work. The SD card slot can use:

• Standard SD, 4MB to 2GB
• SDHC (Secure Digital High Capacity), 4GB to 32GB
• SDXC, 4GB to 2TB
• MMC (MultiMediaCards)
• UHS‑II, up to 2TB (iMac introduced in 2020 and iMac Pro only)

You can use a passive adapter like the one shown here to make MiniSD, MicroSD, and higher density formats like MiniSDHC and MicroSDHC conform to the width and thickness specifications listed above:

How fast can my Mac read or write to an SD card in the SD card slot?

Mac notebooks use the USB bus to communicate with the SD card slot. They have a maximum speed of up to 480Mbit/s. Mac desktops use the PCIe bus to communicate with the SD card slot. Desktops can transfer data at a faster rate.

Check the packaging that came with your SD media to determine the maximum transfer rate that your specific card uses.

To determine the maximum transfer speed of your Mac, you can use System Information. Choose Apple menu  > About This Mac and then click System Report.

If you use a Mac notebook:

1. Select Hardware, then select USB.
2. Select Internal Memory Card Reader and look for the Speed entry.

If you use a Mac desktop computer:

1. Select Hardware, then select Card Reader.
2. Look for the Link Speed entry. Computers that use the PCIe bus express their speed as GT/s.

Does the SD slot work with cards that exceed 32GB?

Yes. However, most media manufacturers preformat the media using common block-and-cluster sizes that don’t approach the theoretical limits of a given file system.

Most SD cards use the FAT32 file format, and preformatted FAT32 SD media is commonly available up to a capacity of 32GB. Media that exceeds 32GB usually uses the exFAT file system, while some smaller capacity cards use the FAT16 file format. Preformatted FAT16 media is generally available up to a capacity of 2GB.

If you use OS X Snow Leopard 10.6.5 or later, you can find out which file system you’re using:

1. Insert the media into the SD card slot.
2. Choose Apple menu > About This Mac.
3. Click System Report.
4. In the Hardware section, click Card Reader, and find the File System field.

Will the SD card slot work with SD cards that use the exFAT file system?

Yes. Any Mac that has an SD card slot and is running OS X 10.6.5 or later can use the exFAT file system.

exFAT is also supported in Boot Camp with Windows 7, 8.1, or 10 on any Mac made in 2011 or later with an SD card slot.

How do I insert media into the SD card slot?

When you insert the card, make sure that the metal contacts face down and point toward the computer. Don’t force media into the SD card slot, as this might cause damage.

How does my Mac use the media inserted into the SD card slot?

Your computer recognizes a card inserted into the SD card slot as a USB storage device. You can mount, read from, and write to the SD card just like you can with any other USB storage device.

I put the card in the slot, but it didn’t mount. What should I do?

Remove the card and insert it again. Sometimes the SD card won’t mount properly if you put it into the slot too slowly. If the card still won’t mount, you might need to reformat your SD card.

When I try to write content to the card, I get a ‘cannot be modified’ message. How can I fix this?

You see this message when you try to edit data on an SD card that’s locked. You need to use the lock slider to unlock the card before you can edit the data.

To eject the card, drag the icon that represents the card to the Trash. After the icon disappears from the desktop, you can remove the card from the computer. Adjust the lock slider tab to unlock the card, then reinsert the card into the slot. See the manufacturer’s instructions for the location of the slider tab.

Can I use Disk Utility to reformat an SD card?

You can use Disk Utility to partition and format an SD device as FAT32 (using the MS-DOS FAT setting) or Mac OS Extended. The Mac OS Extended format can be used only on Macintosh systems. Non-Apple systems won’t recognize cards formatted to Mac OS Extended.

You might have to format a card that’s larger than 32GB with exFAT if you want to use it with a digital camera, GPS, or another device. When in doubt, format the card in the device that you intend to use it with. Formatting a card permanently deletes all of its files. Before continuing, make sure that you have a backup of any files that you want to keep on the SD card.

Can I install macOS on an SD storage device and use it as a startup volume?

Use Disk Utility to change the default partition table to GUID. Then format the card to use the Mac OS Extended file format.

How do I remove a card from the SD card slot?

Before you remove the card, allow any data transfer to SD media to complete. To eject the card, drag the icon that represents the card to the Trash. After the icon disappears from your desktop, you can remove the card from the slot.

Don’t remove a card while your Mac is sleeping, as this could lead to data loss. Always wake your computer and eject the SD card before removing it from your Mac.

Can I use Secure Digital Input Output (SDIO) cards?

No. A Mac computer won’t recognize SDIO cards.

Can I use macOS to see the specifications for the interface hardware and media inserted in the SD card slot?

You can get information about the interface hardware and the media that you inserted in the slot from the System Information:

1. Choose Apple menu > About This Mac.
2. Click System Report.
3. In the Hardware section of System Information, select USB.
4. In the list of USB devices, select Internal Memory Card Reader to access information about the interface hardware and the media inserted into the SD card slot.

Can I use the SD card slot while running Windows using Boot Camp?

The SD card slot works with Boot Camp in all supported versions of Windows. You’ll need to download and install the Windows Support Software to use the SD card slot with Windows.

Can I use an SDXC card on my Mac with Windows?

You can use an SDXC card in Windows 7, Windows 8, and Windows 10 with these Mac computers:

• MacBook Pro (Early 2011 and later)
  MacBook Pro models from 2016 and later don’t have a built-in SD card slot. You can use a USB-C card reader, or a combination of a USB-C to USB Adapter and a USB card reader.
• MacBook Air (Mid 2011 and later)
• Mac mini (Mid 2011 and later)
  Mac mini (Mid 2010) doesn’t support SDXC cards.
• iMac (Mid 2011 and later)
  iMac (Mid 2010) doesn’t support SDXC cards.

Can I use an SD, SDHC, or SDXC card to install Windows on my Mac?

No. You can’t use SD, SDHC, or SDXC cards with Boot Camp to install Windows software on Mac computers.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Источник